- update to 2.6.0
* Bug Fixes
- The following bugs have been fixed:
- Dumpcap might not quit if Wireshark or TShark crashes.
(Bug 1419)
* New and Updated Features
The following features are new (or have been significantly
updated) since version 2.5.0:
- HTTP Request sequences are now supported.
- Wireshark now supports MaxMind DB files. Support for GeoIP
and GeoLite Legacy databases has been removed.
- The Windows packages are now built using Microsoft Visual
Studio 2017.
- The IP map feature (the “Map” button in the “Endpoints”
dialog) has been removed.
The following features are new (or have been
significantly updated) since version 2.4.0:
- Display filter buttons can now be edited, disabled, and
removed via a context menu directly from the toolbar
- Drag & Drop filter fields to the display filter toolbar or
edit to create a button on the fly or apply the filter as
a display filter.
- Application startup time has been reduced.
- Some keyboard shortcut mix-ups have been resolved by
assigning new shortcuts to Edit → Copy methods.
- TShark now supports color using the --color option.
- The "matches" display filter operator is now case-insensitive.
- Display expression (button) preferences have been converted
to a UAT. This puts the display expressions in their own file.
Wireshark still supports preference files that contain the
old preferences, but new preference files will be written
without the old fields.
- SMI private enterprise numbers are now read from the
“enterprises.tsv” configuration file.
- The QUIC dissector has been renamed to Google QUIC
(quic → gquic).
- The selected packet number can now be shown in the Status Bar
by enabling Preferences → Appearance → Layout → Show selected
packet number.
- File load time in the Status Bar is now disabled by default
and can be enabled in
Preferences → Appearance → Layout → Show file load time.
- Support for the G.729A codec in the RTP Player is now added
via the bcg729 library.
- Support for hardware-timestamping of packets has been added.
- Improved NetMon .cap support with comments, event tracing,
network filter, network info types and some Message Analyzer
exported types.
- The personal plugins folder on Linux/Unix is now
~/.local/lib/wireshark/plugins.
- TShark can print flow graphs using -z flow…
- Capinfos now prints SHA256 hashes in addition to RIPEMD160
and SHA1. MD5 output has been removed.
- The packet editor has been removed. (This was a GTK+ only
experimental feature.)
- Support BBC micro:bit Bluetooth profile
- The Linux and UNIX installation step for Wireshark will now
install headers required to build plugins. A pkg-config file
is provided to help with this (see “doc/plugins.example” for
details). Note you must still rebuild all plugins between
minor releases (X.Y).
- The Windows installers and packages now ship with Qt 5.9.4.
- The generic data dissector can now uncompress zlib compressed
data.
- DNS Stats now supports service level statistics.
- DNS filters for retransmissions and unsolicited responses
have been added.
- The “tcptrace” TCP Stream graph now shows duplicate ACKS and
zero window advertisements.
- The membership operator now supports ranges, allowing display
filters such as tcp.port in {4430..4434} to be expressed.
See the User’s Guide, chapter Building display filter
expressions for details.
* New Protocol Support
* Updated Protocol Support
- Too many protocols have been updated to list here.
* New and Updated Capture File Support
- Microsoft Network Monitor
* New and Updated Capture Interfaces support
- LoRaTap
- drop patch wireshark-1.2.0-geoip.patch, because file to patch
no more exists
OBS-URL: https://build.opensuse.org/request/show/603740
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=246
- Wireshark 2.4.4:
* fixes for dissector crashes:
+ CVE-2018-5334: IxVeriWave file could crash (bsc#1075737)
+ CVE-2018-5335: WCP dissector could crash (bsc#1075738)
+ CVE-2018-5336: Multiple dissector crashes (bsc#1075739)
* No longer enable the Linux kernel BPF JIT compiler via the
net.core.bpf_jit_enable sysctl, as this would make systems
more vulnerable to Spectre variant 1 (bsc#1075748, CVE-2017-5753)
* Further bug fixes and updated protocol support as listed in:
ittps://www.wireshark.org/docs/relnotes/wireshark-2.4.4.html
OBS-URL: https://build.opensuse.org/request/show/563929
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=238
This release fixes minor vulnerabilities that could be used to
trigger dissector crashes or infinite loops by making Wireshark
read specially crafted packages from the network or a capture
file (boo#1062645):
* CVE-2017-15192: BT ATT dissector crash (wnpa-sec-2017-42)
* CVE-2017-15193: MBIM dissector crash (wnpa-sec-2017-43)
* CVE-2017-15191: DMP dissector crash (wnpa-sec-2017-44)
* CVE-2017-15190: RTSP dissector crash (wnpa-sec-2017-45)
* CVE-2017-15189: DOCSIS infinite loop (wnpa-sec-2017-46)
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=232
This release fixes minor vulnerabilities that could be used to
trigger dissector crashes, infinite loopsm or cause excessive use
of memory resources by making Wireshark read specially crafted
packages from the network or a capture file:
* CVE-2017-7702 CVE-2017-11410: WBMXL dissector infinite loop
(wnpa-sec-2017-13)
* CVE-2017-9350 CVE-2017-11411: openSAFETY dissector memory
exhaustion (wnpa-sec-2017-28)
* CVE-2017-11408: AMQP dissector crash (wnpa-sec-2017-34)
* CVE-2017-11407: MQ dissector crash (wnpa-sec-2017-35)
* CVE-2017-11406: DOCSIS infinite loop (wnpa-sec-2017-36)
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=218
- Wireshark 1.12.5 [boo#930689]
- The following vulnerabilities have been fixed:
* The LBMR dissector could go into an infinite loop.
CVE-2015-3808 CVE-2015-3809 wnpa-sec-2015-12
* The WebSocket dissector could recurse excessively.
CVE-2015-3810 wnpa-sec-2015-13
* The WCP dissector could crash while decompressing data.
CVE-2015-3811 wnpa-sec-2015-14
* The X11 dissector could leak memory.
CVE-2015-3812 wnpa-sec-2015-15
* The packet reassembly code could leak memory.
CVE-2015-3813 wnpa-sec-2015-16
* The IEEE 802.11 dissector could go into an infinite loop.
CVE-2015-3814 wnpa-sec-2015-17
* The Android Logcat file parser could crash.
CVE-2015-3815 wnpa-sec-2015-18
- Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-1.12.5.html
OBS-URL: https://build.opensuse.org/request/show/306748
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=142
- update to 1.8.4 [bnc#792005]
+ vulnerabilities fixed:
* Wireshark could leak potentially sensitive host name
resolution information when working with multiple pcap-ng
files.
wnpa-sec-2012-30 CVE-2012-5592
* The USB dissector could go into an infinite loop.
wnpa-sec-2012-31 CVE-2012-5593
* The sFlow dissector could go into an infinite loop.
wnpa-sec-2012-32 CVE-2012-5594
* The SCTP dissector could go into an infinite loop.
wnpa-sec-2012-33 CVE-2012-5595
* The EIGRP dissector could go into an infinite loop.
wnpa-sec-2012-34 CVE-2012-5596
* The ISAKMP dissector could crash.
wnpa-sec-2012-35 CVE-2012-5597
* The iSCSI dissector could go into an infinite loop.
wnpa-sec-2012-36 CVE-2012-5598
* The WTP dissector could go into an infinite loop.
wnpa-sec-2012-37 CVE-2012-5599
* The RTCP dissector could go into an infinite loop.
wnpa-sec-2012-38 CVE-2012-5600
* The 3GPP2 A11 dissector could go into an infinite loop.
wnpa-sec-2012-39 CVE-2012-5601
* The ICMPv6 dissector could go into an infinite loop.
wnpa-sec-2012-40 CVE-2012-5602
+ Further bug fixes and updated protocol support as listed in:
http://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html
OBS-URL: https://build.opensuse.org/request/show/143616
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=73
- update to 1.6.5 (fix bnc#741187, #741188, #741190)
- Security fixes:
- wnpa-sec-2012-01 Laurent Butti discovered that Wireshark failed to
properly check record sizes for many packet capture file formats.
(Bug 6663, bug 6666, bug 6667, bug 6668, bug 6669, bug 6670)
- wnpa-sec-2012-02 Wireshark could dereference a NULL pointer and
crash. (Bug 6634)
- wnpa-sec-2012-03 The RLC dissector could overflow a buffer. (Bug 6391)
- Bug fixes:
- "Closing File!" Dialog Hangs. (Bug 3046)
- Sub-fields of data field should appear in exported PDML as children
of the data field instead of as siblings to it. (Bug 3809)
- Incorrect time differences displayed with time reference set. (Bug 5580)
- Wrong packet type association of SNMP trap after TFTP transfer. (Bug 5727)
- SSL/TLS decryption needs wireshark to be rebooted. (Bug 6032)
- Export HTTP Objects -> save all crashes Wireshark. (Bug 6250)
- Wireshark Netflow dissector complains there is no template found though
the template is exported. (Bug 6325)
- DCERPC EPM tower UUID must be interpreted always as little endian.
(Bug 6368)
- Crash if no recent files. (Bug 6549)
- IPv6 frame containing routing header with 0 segments left calculates wrong
UDP checksum. (Bug 6560)
- IPv4 UDP/TCP Checksum incorrect if routing header present. (Bug 6561)
- Incorrect Parsing of SCPS Capabilities Option introduced in response
to bug 6194. (Bug 6562)
- Various crashes after loading NetMon2.x capture file. (Bug 6578)
- Fixed compilation of dumpcap on some systems (when MUST_DO_SELECT is
defined). (Bug 6614)
- SIGSEGV in SVN 40046. (Bug 6634)
OBS-URL: https://build.opensuse.org/request/show/100680
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=48
